Add some comments, fix vetus and celerrime

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
Ivan Bushchik 2023-08-23 09:38:48 +03:00
parent 4afe642684
commit 86b8eed465
GPG key ID: 9F6DDABE11A2674D
23 changed files with 209 additions and 73 deletions

12
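--- /dev/null
+++ b/common/default.nix
@@ -0,0 +1,12 @@
+{
+imports = [
+./base.nix
+./laptop.nix
+./locale.nix
+./networking.nix
+./remote-access.nix
+./security.nix
+./stateless.nix
+./user.nix
+];
+}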


@ -9,7 +9,6 @@ in {
config = lib.mkIf (cfg.enable) { config = lib.mkIf (cfg.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop
lm_sensors lm_sensors
]; ];


@ -4,6 +4,7 @@
time.timeZone = "Europe/Moscow"; time.timeZone = "Europe/Moscow";
i18n.defaultLocale = "ru_RU.UTF-8"; i18n.defaultLocale = "ru_RU.UTF-8";
console = { console = {
font = "${pkgs.terminus_font}/share/consolefonts/ter-u24b.psf.gz"; font = "${pkgs.terminus_font}/share/consolefonts/ter-u24b.psf.gz";
keyMap = "us"; keyMap = "us";


@ -4,10 +4,12 @@
networking.wireless.iwd.enable = true; networking.wireless.iwd.enable = true;
networking.wireless.iwd.settings = { networking.wireless.iwd.settings = {
General = { General = {
# Enable DHCP in IWD, TODO: don't do it
EnableNetworkConfiguration = true; EnableNetworkConfiguration = true;
}; };
}; };
# TODO: setup DoH or DoT
networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ]; networking.nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ];
networking.enableIPv6 = true; networking.enableIPv6 = true;
@ -28,6 +30,8 @@
services.timesyncd.enable = true; services.timesyncd.enable = true;
networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ]; networking.timeServers = [ "ntp1.vniiftri.ru" "0.ru.pool.ntp.org" "0.pool.ntp.org" ];
# Useful tools
boot.kernelModules = [ "af_packet" ]; boot.kernelModules = [ "af_packet" ];
environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ]; environment.systemPackages = with pkgs; [ mtr tcpdump traceroute ];
} }
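Review bot: The `# Useful tools` comment lands above `boot.kernelModules = [ "af_packet" ];` rather than above the package list it describes, so a reader takes it as a description of the kernel module. I would either move it down one line or make it cover both, e.g. `# Network debugging tools; af_packet is presumably loaded for the raw sockets tcpdump and mtr use`. The `# TODO: setup DoH or DoT` above the plain `networking.nameservers` list records the right gap; it is worth saying there that until it is done DNS queries leave the host unencrypted on every network the laptop joins.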


@ -4,6 +4,8 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
# Cute banner, right?
banner = '' banner = ''
Authorized access only! Authorized access only!
@ -12,5 +14,7 @@ If you are not authorized to access or use this system, disconnect now!
''; '';
}; };
# TODO: I don't use it
programs.mosh.enable = true; programs.mosh.enable = true;
} }
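Review bot: `programs.mosh.enable = true;` stays on with a `# TODO: I don't use it` above it, which leaves an unused remote-access service and, I believe through its default `openFirewall`, an open UDP port range on every host importing this module. An unused listener is attack surface with no benefit; I would drop the TODO and set `programs.mosh.enable = false;` or remove the line, re-enabling it when it is actually used. The `# Cute banner, right?` comment could instead state the banner's purpose, e.g. `# Pre-auth banner: states the access policy to anyone who connects`. The openssh block continues outside the hunk.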


@ -6,8 +6,8 @@
security = { security = {
lockKernelModules = true; lockKernelModules = true;
protectKernelImage = true; protectKernelImage = true;
allowSimultaneousMultithreading = true; allowSimultaneousMultithreading = false;
forcePageTableIsolation = false; forcePageTableIsolation = true;
virtualisation.flushL1DataCache = "always"; virtualisation.flushL1DataCache = "always";
apparmor = { apparmor = {
enable = true; enable = true;
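Review bot: The flip of `allowSimultaneousMultithreading` to false and `forcePageTableIsolation` to true is the one substantive change in this file, yet it gets no comment while the commit's stated purpose is adding comments; a later reader will not know whether the performance cost was deliberate. I would add above the two lines `# Disable SMT and force PTI: trades CPU throughput for resistance to cross-thread and Meltdown-class data leaks`. The security block continues outside the hunk.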

8
common/stateless.nix Normal file

@ -0,0 +1,8 @@
{ config, lib, ... }:
{
boot.kernel.sysctl = {
"vm.panic_on_oom" = true;
"kernel.panic" = 3;
};
}
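Review bot: The new sysctl block rebooting every host on OOM (`vm.panic_on_oom` plus `kernel.panic = 3`) carries no comment on why a panic-and-reboot is preferred over letting the OOM killer act, and it is pulled into every machine via common/default.nix, including laptops with graphical sessions where a reboot loses unsaved work. I would add a header comment such as `# Treat memory exhaustion as fatal: panic on OOM and reboot after 3 s, so a wedged host comes back rather than limping`. Note also that a boolean here becomes `panic_on_oom = 1`, which as I read the kernel docs does not panic on OOMs confined by a mempolicy/cpuset, so hosts that need the unconditional behaviour want `2`. The `config` and `lib` arguments on the first line are unused and can be reduced to `{ ... }:`.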


@ -7,6 +7,7 @@ in rec {
users.users.ivabus = { users.users.ivabus = {
isNormalUser = true; isNormalUser = true;
# Figure out groups I need
extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"]; extraGroups = [ "wheel" "input" "video" "audio" "disk" "libvirtd" "qemu-libvirtd"];
uid = 1000; uid = 1000;
packages = with pkgs; [ packages = with pkgs; [
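Review bot: `# Figure out groups I need` above `extraGroups` flags the right concern but does not record which of these are root-equivalent: `wheel` gives sudo and `disk` gives raw read/write on block devices, so either one lets the account bypass file permissions entirely. I would make the comment carry that information, e.g. `# wheel and disk are root-equivalent; keep the list minimal and review before adding`, so the eventual cleanup removes the dangerous ones first. The user definition continues outside the hunk.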

11
default.nix Normal file

@ -0,0 +1,11 @@
rec {
common = import ./common;
roles = import ./roles;
modules = { pkgs, ... }: rec {
imports = [
common
roles
];
};
}
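Review bot: The inner `rec` on `modules = { pkgs, ... }: rec {` is unnecessary, since nothing inside the set refers to its own attributes, and the `pkgs` argument is never used; a module that needs no arguments can be a plain attribute set. `modules = { imports = [ common roles ]; };` does the same job and is clearer. A one-line header comment naming what `common`, `roles` and `modules` are for (the machine configs in this commit import `my.modules` and then set `my.*` options) would help, since this file is the repo's entry point.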


@ -27,21 +27,7 @@
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
./common/base.nix ./machines/vetus
./common/laptop.nix
./common/locale.nix
./common/networking.nix
./common/remote-access.nix
./common/security.nix
./common/user.nix
./roles/graphical.nix
./roles/latex.nix
./roles/gaming.nix
./roles/devel.nix
./roles/virtualisation.nix
./roles/yggdrasil-client.nix
./machines/vetus/configuration.nix
./machines/vetus/hardware.nix
]; ];
}; };
@ -51,19 +37,7 @@
modules = [ modules = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
apple-silicon-support.nixosModules.apple-silicon-support apple-silicon-support.nixosModules.apple-silicon-support
./common/base.nix ./machines/celerrime
./common/user.nix
./common/laptop.nix
./common/networking.nix
./common/locale.nix
./common/remote-access.nix
./roles/graphical.nix
./roles/latex.nix
#./roles/gaming.nix
./roles/devel.nix
./roles/yggdrasil-client.nix
./machines/celerrime/configuration.nix
./machines/celerrime/hardware.nix
]; ];
}; };
@ -73,11 +47,9 @@
nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem { nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
./common/base.nix home-manager.nixosModules.home-manager
./common/user.nix apple-silicon-support.nixosModules.apple-silicon-support
./roles/laptop.nix ./machines/effundam
./machines/effundam/configuration.nix
./machines/effundam/hardware.nix
]; ];
}; };
*/ */
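Review bot: The effundam hunk (the last one here) appears to sit inside a block comment, as the `*/` on the hunk's last line indicates, so adding `home-manager` and `apple-silicon-support` there changes nothing until the block is uncommented; if the host is meant to stay parked, a `# TODO: effundam disabled until <reason>` on the block would save the next reader the same check. The earlier two hunks replace the per-host module lists with `./machines/vetus` and `./machines/celerrime`, which means role selection now lives in each machine directory rather than here; a comment on the `modules = [` line saying so would make the split explicit. The `nixosConfigurations` attributes these hunks belong to start outside the hunks.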


@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ ];
networking.hostName = "celerrime";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
boot.kernelParams = [ "apple_dcp.show_notch=1" ];
hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
hardware.asahi.addEdgeKernelConfig = true;
hardware.asahi.useExperimentalGPUDriver = true;
system.stateVersion = "23.05";
}


@ -0,0 +1,35 @@
{ config, pkgs, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix
my.modules
];
networking.hostName = "celerrime";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
# Enable screen space near notch
boot.kernelParams = [ "apple_dcp.show_notch=1" ];
my.laptop.enable = true;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = false;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = false;
yggdrasil-client.enable = true;
};
# Setup asahi-specific things. NOTE: you must copy firmware from ESP to /etc/nixos/asahi/firmware
hardware.asahi.peripheralFirmwareDirectory = ../../asahi/firmware;
hardware.asahi.addEdgeKernelConfig = true;
hardware.asahi.useExperimentalGPUDriver = true;
system.stateVersion = "23.05";
}
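Review bot: The NOTE on the asahi line says to copy the firmware to `/etc/nixos/asahi/firmware`, but the expression reads `../../asahi/firmware` relative to this file, so the two agree only when the repository is checked out at `/etc/nixos`; if this is evaluated as a flake (the flake-style hunk above suggests it is) the directory also has to be present in the tracked tree or the path will not exist in the store copy. I would phrase the comment relative to the repo, e.g. `# Copy the firmware from the ESP into <repo>/asahi/firmware; it must be in the tree the flake evaluates`. The `config` and `pkgs` arguments on the first line are unused.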


@ -0,0 +1,32 @@
{ config, pkgs, lib, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
my.modules
];
# Bootloader configuration
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "MACHINE";
# All "my" options
my.laptop.enable = true;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = true;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = true;
yggdrasil-client.enable = true;
};
system.stateVersion = "23.05";
}
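Review bot: The template hard-codes `system.stateVersion = "23.05";` with no comment, and this is the one value a copied machine config must not simply inherit: it should record the release the host was first installed with and then stay fixed across upgrades. I would annotate it, e.g. `# Set to the NixOS release this host was first installed with; never bump on upgrade`, and likewise mark `networking.hostName = "MACHINE";` as the placeholder to replace. The `config`, `pkgs` and `lib` arguments on the first line are unused here.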


@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix
my.modules
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "stella";
my.laptop.enable = true;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = true;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = true;
yggdrasil-client.enable = true;
};
services.xserver.videoDrivers=["amdgpu"];
boot.initrd.kernelModules=["amdgpu"];
powerManagement = {
enable = true;
cpuFreqGovernor = "ondemand";
};
system.stateVersion = "23.05";
}
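Review bot: `services.xserver.videoDrivers=["amdgpu"];` and `boot.initrd.kernelModules=["amdgpu"];` drop the spaces around `=` and inside the brackets that every other binding in this file uses; the same two lines appear in the new vetus config below (the hunk after the deleted vetus configuration). I would write them as `services.xserver.videoDrivers = [ "amdgpu" ];` and `boot.initrd.kernelModules = [ "amdgpu" ];` in both. For vetus the hardware.nix hunk further down shows the initrd module moving out of the generated file into this hand-written one; a one-line comment saying so would stop someone moving it back the next time nixos-generate-config is run.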


@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "vetus";
system.stateVersion = "23.05";
}


@ -0,0 +1,33 @@
{ config, pkgs, ... }:
let
my = import ../..;
in {
imports = [
./hardware.nix
my.modules
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "vetus";
my.laptop.enable = false;
my.roles = {
design.enable = true;
devel.enable = true;
gaming.enable = true;
graphical.enable = true;
latex.enable = true;
virtualisation.enable = true;
yggdrasil-client.enable = true;
};
services.xserver.videoDrivers=["amdgpu"];
boot.initrd.kernelModules=["amdgpu"];
system.stateVersion = "23.05";
}


@ -7,7 +7,7 @@
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = ["amdgpu"]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

11
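--- /dev/null
+++ b/roles/default.nix
@@ -0,0 +1,11 @@
+{
+imports = [
+./design.nix
+./devel.nix
+./gaming.nix
+./graphical.nix
+./latex.nix
+./virtualisation.nix
+./yggdrasil-client.nix
+];
+}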


@ -26,11 +26,13 @@ in {
(lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];}) (lib.mkIf (!pkgs.stdenv.isAarch64) {boot.binfmt.emulatedSystems = [ "aarch64-linux" ];})
(lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];}) (lib.mkIf (!pkgs.stdenv.isx86_64) {boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ];})
# Remove CLion from builds while I'm semi-online # Remove CLion from builds while I'm semi-online
# Install CLion only if we are on x86_64
/*(lib.mkIf (pkgs.stdenv.isx86_64) { /*(lib.mkIf (pkgs.stdenv.isx86_64) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jetbrains.clion jetbrains.clion
]; ];
})*/ })*/
# Install vscode only if we are on x86_64 or aarch64 or aarch32
(lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) { (lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vscode vscode
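Review bot: `# Install CLion only if we are on x86_64` is added directly under `# Remove CLion from builds while I'm semi-online`, on a block that is commented out with `/* */`, so two comments now describe a block that does nothing and the second one reads as if the guard were active. I would fold them into one, e.g. `# CLion (x86_64 only) is commented out while I'm semi-online; re-enable by removing the /* */`. The surrounding list starts and ends outside the hunk.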


@ -4,13 +4,11 @@ let
cfg = config.my.roles.gaming; cfg = config.my.roles.gaming;
in { in {
options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam"; options.my.roles.gaming.enable = lib.mkEnableOption "Enable wine & steam";
config = lib.mkIf (cfg.enable) { config = lib.mkIf (cfg.enable) (lib.mkMerge {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
hardware.opengl.driSupport32Bit = true; hardware.opengl.driSupport32Bit = true;
services.pipewire.alsa.support32Bit = true; services.pipewire.alsa.support32Bit = true;
programs.steam.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
steam
wineWowPackages.stable wineWowPackages.stable
wine wine
(wine.override { wineBuild = "wine64"; }) (wine.override { wineBuild = "wine64"; })
@ -18,5 +16,7 @@ in {
winetricks winetricks
wineWowPackages.waylandFull wineWowPackages.waylandFull
]; ];
}; }
# Enable steam only on x86_64 (since we have hosts with ARM, but I don't think I will enable my.roles.gaming on ARM system soon)
(lib.mkIf(pkgs.stdenv.isx86_64) {programs.steam.enable = true;}))
} }
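Review bot: `lib.mkMerge` takes a single list argument, but the new code applies it to the first attribute set and then to the `mkIf` result as a second argument, so when `my.roles.gaming.enable` is true evaluation fails with an attempt to call a non-function; the `config` binding also appears to lose its terminating `;` unless the rendered view dropped it. The fix is to wrap both sets in a list: `config = lib.mkIf (cfg.enable) (lib.mkMerge [ {` on the first changed line, `(lib.mkIf (pkgs.stdenv.isx86_64) { programs.steam.enable = true; })` for the steam line, and `]);` on a line of its own before the closing `}`. Guarding `programs.steam.enable` on x86_64 is the right call given the ARM host; the long comment explaining it could be shortened to `# Steam is x86_64-only; the ARM hosts never enable this role` once the structure is fixed.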


@ -15,7 +15,6 @@ in {
ffmpeg ffmpeg
cinnamon.nemo cinnamon.nemo
usbmuxd usbmuxd
telegram-desktop
keepassxc keepassxc
]; ];
@ -29,6 +28,7 @@ in {
}; };
}; };
}; };
programs.sway = { programs.sway = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [


@ -5,7 +5,9 @@ let
in { in {
options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff"; options.my.roles.latex.enable = lib.mkEnableOption "Enable latex stuff";
config = lib.mkIf (cfg.enable){ config = lib.mkIf (cfg.enable){
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs;
# Maybe I don't need to use -full variant of texlive
# I should find distribution I actually need
texlive.combined.scheme-full texlive.combined.scheme-full
]; ];
}; };
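Review bot: The new side of `environment.systemPackages = with pkgs;` has lost the opening `[` that the old line had, while the closing `];` three lines down is kept, so the file no longer parses (unless the rendered view dropped the bracket). Restore it as `environment.systemPackages = with pkgs; [` and keep the two comments inside the list, which is valid Nix. The two comments themselves would read better as one: `# TODO: replace scheme-full with the smaller texlive scheme I actually need`.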


@ -10,6 +10,7 @@ in {
persistentKeys = true; persistentKeys = true;
settings = { settings = {
Peers = [ Peers = [
# Maybe add more peers, not only mine
"tls://ygg.iva.bz:50002" "tls://ygg.iva.bz:50002"
]; ];
}; };